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(54) Authentication method and authentication device for secured communications between an 
ATM mobile terminal and an ATM access node of a wireless ATM radio communication 
network 



(57) A mobile terminal (MT) sets up a wireless ATM 
radio communication connection (WCC) to an access 
node (AN) of a wireless ATM radio communication net- 
work (WATM). On the communication connection 
(WCC) a secret communication key (CK) is used which 
has been agreed upon by the ATM access node (AN) nd 
the ATM mobile terminal (MT). Once the operating com- 
munication connection (WCC) is established, the 
mobile terminal (MT) can request authentication infor- 
mation (Al) from the security server (SSD) located in the 
(WATM) system or another network (FN) connected to 

R3.3 



the access node (AN). If after setting up the communi- 
cation connection (WCC) the authentication information 
(Al) is received tn a predetermined time period at said 
access node (AN) , the mobile terminal is authenticated 
at the access node (AN). Since the communication 
channel (WCC) is always setup before the authentica- 
tion procedure, also security functions from other inter- 
connected networks can be accessed and thus a high 
level of confidentiality as well as security can be main- 
tained. 
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Description 

Held of the Invention 

[0001 ] The invention relates to a method for setting up 
a secured communication between an ATM mobile ter- 
minal and an ATM access node of a wireless ATM radio 
communication network. Furthermore, the invention 
relates to an authentication device for such a -wireless 
ATM radio communication network. The invention also 
relates to the ATM access node of such a wireless ATM 
radio communication network. Furthermore, the inven- 
tion relates to an ATM mobile terminal usable within 
such a wireless ATM radio communication network. 
[0002] In wireless ATM radio communication net- 
works, generally two steps must be performed in order 
to connect an ATM mobile terminal to an ATM access 
node, namely an authentication step where authentica- 
tion information is exchanged between the mobile termi- 
nal and the access node, and a second step in which 
the wireless connection is set up and in which a secret 
ciphering key is agreed upon (which is used in an 
encryption procedure to encrypt the data to be transmit- 
ted) such that the wireless ATM connection has a high 
degree of confidentiality. The exchange of authentica- 
tion information and the setting up of the wireless con- 
nection with the agreed confidentiality key requires the 
exchange o1 signals between the mobile terminal and. 
the access node according to a predefined protocol. 
[0003] Some protocols allow the exchange of the 
shared authentication information prior to setting up the 
wireless connection with the session key. However, as 
will be explained below, there are some protocols a ses- 
sion needs to be first established and only then the 
secret shared authentication information can be made 
available. This drawback is very significant, if for exam- 
ple a first signaling protocol is used on the wireless link 
between the mobile terminal and the access node and 
another protocol is used between the access node of 
the ATM communication network and an access node of 
other interconnected fixed networks. 
[0004] The invention in particular relates to the estab- 
lishment of a secure ATM wireless connection between 
the ATM mobile terminal and the ATM access node for 
the case where different signaling protocols are used. 

Background of the invention 

[0005] Wireless ATM systems are currently standard- 
ized within t)oth the ETSI project BRAN and the ATM 
Eorum Wireless ATM group. Examples of such wireless 
ATM systems are for example an ATM wireless access 
communication system (AWACS system), a wireless 
professional and residential multimedia applications 
(MEDIAN application) for indoor customer premises 
networks, the Magic WAND demonstrator (wireless 
ATM network demonstrator) for Indoor and outdoor 
applications in customer premises and public networks. 



the SAMBA system, an ATM based mobile system like a 
broadband mobile communication for multimedia on 
ATM-basis supported by the German Ministry for 
Research and Education, or a high performance radio 
5 local area network (HIPERLAN system) etc. 

[0006] Each of the aforementioned wireless ATM sys- 
tems is defined for specific different application areas. 
Some of them are for example designed for wireless 
local area networks (LANs) or to the extension or 
10 replacement of fixed LANs. Other systems are specifi- 
cally designed for broadband access (e.g. to UMTS or 
to the GSM or GPRS core networks) or to point-to- 
multipoint systems. 

[0007] A general configuration of interacting networks 

15 including wireless ATM systems is shown in the 
attached Fig. 1a. Such systems are currently investi- 
gated in the aforementioned standardizing committees. 
As is seen in Fig. 1 a. several different types of networks 
are interconnected through access nodes AN (also 

20 called access points). The network A may be provided 
for fixed wireless components communicating through a 
wireless channel (e.g. through fixed wireless LANs and 
a network access via microwave links). The network B 
may comprise mobile end users communicating directly 

25 with the fixed network switching elements (e.g. digital 
cellular telephony. PCS. wireless LAN). The networks C, 
D may represent mobile switches with fixed end users 
where the end users have a fixed connection (either 
wired or wireless) to a switch. The switch and the end 

30 user, as a unit, are mobile, witii tiie switch having a 
wired or wireless connection to fixed network switching 
elements (e.g. to a fixed network on board of a passen- 
ger plane, military aircraft or navel vessel). Further- 
more, in the network D mobile switches with mobile end 

35 users may be provided, i.e. the mobile terminals estab- 
lish connections with switches which are themselves 
mobile and which then establish a connection to a fixed 
network, as is the case e.g. in LEO satellite based 
switching to mobile stations, wireless end user devices; 

40 wireless connection to mobile switches on emergency 
or military vehicles). Another example is shown at E, 
which is summarized as wireless ad hoc networks. 
Here, wireless networks are provided, when there is no 
access node available (e.g. laptops gathered together in 

45 a business conferencing environment). It also considers 
cases where access nodes cannot be placed at art>i- 
trary locations and where plug-and-pIay and network 
flexibility are important considerations (e.g. for a resi- 
dential user). This requirement can be met by support- 

50 ing auto-configuration of a wireless ATM network. Both 
mobile end users and fixed wireless end users are pos- 
sible. Ad hoc networks can also extend the coverage of 
existing access-node-orientated networks by wireless 
means by use of fonwarding nodes, which act as inter- 

55 mediate relay points (transfer nodes) and fonward ATM 
packets from one WATM radio frequency to another 
WATM radio frequency. It is envisaged that in the initial 
stage a wireless ATM system will use an operating fre- 
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quency of 5 GHz and a a[\^lable user data rate of 25 
Mbit/s. The estimated cell range will be between 30-50 
m indoors and 200 - 300 m outdoors. 

[0008] As shown in Fig. la. there are various possibil- 
ities how mobile ATM (asynchronous transmission 
mode) networks may be interconnected through the 
access nodes AN and. since the communication con- 
nections are ATM connections and are wireless, the 
security aspect is an important consideration in such a 
network architecture. In particular, the interoperability 
with security mechanisms of other networks is an 
inrtportant aspect. Also simplicity of upgrading and add- 
ing new functionalities is very important, especially as it 
is impossible to prove that any of the existing practical 
cryptosystems cannot be broken in future, due to the 
progress in mathematical theory and development of 
new more efficient algorithms. 

[0009] Therefore, as explained above, several steps 
have to be performed before a secure ATM connection 
in the wireless ATM communication network can be 
guaranteed. This will be explained below with reference 
to Fig. lb and Fig. 2. 

Conventional authentication procedure 

[0010] Fig. lb shows a simplified network configura- 
tion according to Fig. la for explanation purposes. Fig. 
1b represents a typical case when the wireless ATM 
system is a wireless LAN or a broadband access sys- 
tem, where it is desirable that a wireless ATM radio com- 
munication network WATM is to be connected to a fixed 
non-ATM system, for example to an Ethernet via access 
nodes AN of the WATM system and the FN system Typ- 
ically, the Ethernet only supports one secure associa- 
tion establishment protocol. 

[0011] However, in Fig. lb tfie Ethernet is only taken 
as an example for the non-ATM fixed network and it may 
be useful to connect a general wireless ATM radio com- 
munication network WATM to a network system through 
access nodes AN, wherein the network system can per- 
form different secure association establishment proce- 
dures. Of course, this implies that a signaling gateway is 
established between the network system and the WATM 
system. 

[0012] As is also shown in Fig. lb, a wireless commu- 
nication connection WCC is set-up between the ATM 
mobile terminal MT and the ATM access node AN and 
the ATM signaling is thus terminated in the access node 
AN. It is generally difficult to design services vii&tin the 
WATM system if these services should rely on functions 
and services in the fixed networks exactly because the 
ATM signaling is terminated in the access point AN. 
[0013] With the access node AN clearly being the 
enti-y point into tiie WATM system, it is obvious that the 
access node AN has to be protected against fraudulent 
and accidental misuse, such that not any subscriber can 
have access to the WATM system. As explained before, 
this is done by a two step mechanism, namely an 



authentication mechanism where the mobile station MT 
and the access node AM must recognize each other, 
and a second step where encryption methods are used 
on the radio link to provide a confidentiality level on the 

5 radio link. Thus, not any arbitrary subscriber station SS, 
for example from the fixed network SN. should gain an 
access and should be supported in the WATM system, 
but only such subscriber stations for mobile stations 
which are recognized by the WATM system. 

10 [0014] When a mobile terminal MT desires an access 
to the WATM system or requires a registration, the fol- 
lowing two types of registrations can be distinguished: 

1. The access node AN and the ATM mobile termi- 
75 nal MT must possess a secret authentication infor- 
mation Al and the authentication information must 
be the same in the access node AN and in the 
mobile terminal MT. Such an authentication infor- 
mation may typically be an authentication key or a 

20 challenge/response information. 

2. The ATM mobile terminal MT and the access 
node AN "don't know each other"; i.e. they cannot 
recognize each other. 

25 

[0015] In both cases, communication keys (encryp- 
tion/decryption keys) have to be generated and 
exchanged between the mobile terminal MT and the 
access node AN in any case. These communication 

30 keys CK are used to achieve a confidentially of the infor- 
mation transmitted on the wireless ATM connection. 
Protocols which are used to generate and exchange 
such communication keys CK are generally called "key 
agreement protocols" and in existing networks like 

35 GSM. DECT, IS-54, IS 95 and CDPD, they are com- 
bined with the sui)scriber authentication, thus building a 
so-called "atomic authentication and key agreement 
(AKA) protocor. 

[001 6] Generally, there are two categories of AKA pro- 

40 tocots that can be used for setting up the communica- 
tion between the ATM mobile terminal MT and the ATM 
access node AN. Namely, the frst category comprises 
for example the usage of tiie Diffie-Heilman encrypted 
key exchange (DH-EKE) protocol or the simple key 

45 exponential key exchange (SPEKE) protocol (see e.g. 
reference [1]: B. Schneier, "Applied Cryptography, Sec- 
ond Edition, Wiley, 1992" and reference [2]: D. Jablon 
"Strong Passwork only Authenticated Key Exchange, 
ACM Computer Communication Review, October 

so 1996"). A typical flow chart of how a secured communi- 
cation between ATM mobile terminal MT and an ATM 
access node AN of a wireless ATM radio communica- 
tion network WATM using this kind of protocol is 
achieved, is illustrated in Rg. 2. 

55 [0017] In Fig. 2. the mobile terminal MT and the 
access node AN exchange authentication information in 
step ST2 after starting the setup procedure in step ST1 . 
In ST3 it is checked whether the mobile terminal MT and 
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the access point AP recognize each other, i.e. whether 
the access node AN have stored an authentication infor- 
mation which coincides with that sent by the mobile ter- 
minal MT. It this is not so, "N" in step ST3. the exchange 
of authentication information is repeated in step ST2. If 
the mobile terminal MT and the access point AM use 
the same authentication information, "Y" in step ST3, 
then the MT and the access node AN agree on a 
secrete ciphering key in step ST4 (using the AKA proto- 
col). If MT/AN have agreed on a secret session key 
(communication or ciphering key) in step ST4. then a 
secure wireless ATM communication connection WCC 
has been established and the usual communication sig- 
naling protocol for information transfer can be setup in 
step ST5. The setup procedure comes to an end in step 
ST6. 

[0018] Therefore, using the conventional Diffie or Dif- 
fie-Hellman encrypted key exchange (DH-EKE) or the 
simple key exponential key exchange (SPEKE) proto- 
col, the authentication information Al is in fact estab- 
lished before completing the AKA protocol. However, 
there is a second category of AKA protocols, where the 
secret shared authentication information is not available 
before setting up the wireless communication connec- 
tion WCC based on the agreed session encryption 
keys. That Is. using protocols of the second category 
means that the shared authentication information only 
becomes available after, the secured communication 
connection has been set up. 

[0019] As is illustrated in Fig. lb, the situation 
becomes even more difficult if different signaling proto- 
cols are used on the wireless ATM communication con- 
nection WCC between the mobile terminal MT and the 
access node AN (i.e. an WATM signaling) and between 
the access node AN of the WATM network and the 
access nodes AN of the fixed networks SN, for example 
an internet signaling or an UMTS signaling. That is. if 
the access of the AN of the WATM communication net- 
work should be f lexittle enough to interconnect to differ- 
ent signaling protocols (for example internet signaling or 
UMTS signaling) then different authentication proce- 
dures or different AKA protocols may have to be used 
dependent on the used protocol between the ATM sys- 
tem and the fixed network FN. Therefore, sometimes 
the category 1 AKA protocol may have to be used and 
some times the category 2 AKA protocol may have to be 
used. Thus, in some cases the authentication informa- 
tion may not be available before setting up the 
encrypted ATM wireless communication connection 
WCC. 

Summary of the Invention 

[0020] As described above, the problem with setting 
up ATM wireless communication connections between 
a ATM mobile terminal and a ATM access node essen- 
tially resides in the fact, that either different kinds of AKA 
protocols are to be set up to the access node or that in 



6 

fact the authentication information is not available prior 
to completing the AKA protocol. 

[0021] Therefore, the object of the present invention is 
to provide a method, an authentication device, an ATM 
5 access node, an ATM mobile terminal as well as a ATM 
communication system, in which a secure communica- 
tion between a ATM mobile terminal and an ATM access 
node can be established. 

[0022] A secure communication is preferably to be 
10 established even if the authentication information is not 
available when completing the protocol or if various dif- 
ferent AKA protocols are to be used on the access node 
or if security mechanisms of other interconnected net- 
works are to be used. 

15 

Solution of the Object 

[0023] Essentially this object is solved by a method for 
setting up a secured communication between an ATM 

20 mobile terminal and an ATM access node of a wireless 
ATM radio communication network, comprising the step 
of setting up a wireless ATM radio communication con- 
nection between said ATM mobile terminal and said 
ATM access node without performing an authentication 

25 information checking procedure therebefore. wherein 
an information exchange on said wireless ATM radio 
communication connnection is performed by using a 
secret communication key agreed upon by said ATM 
access node and said ATM mobile terminal. 

30 [0024] Furthermore, this object is solved by an 
authentication device, in particular for a wireless ATM 
radio communication network, comprising, an authenti- 
cation information storage means for storing a plurality 
of authentication informations each corresponding to a 

35 respective ATM mobile terminal served by a wireless 
ATM radio communication network, and an authentica- 
tion information transmisssion means for issuing an 
authentication information in reponse to receiving an 
authentication information request from an ATM mobile 

40 terminal after a ATM wireless radio communication con- 
nection has been setup between said requesting ATM 
mobile terminal and said ATM access node using a 
secret communication key agreed upon by said ATM 
access node and said ATM mobile terminal. 

45 [0025] The object is also solved by an ATM access 
node of a wireless ATM communication network for set- 
ting up a secured wireless ATM communication connec- 
tion to an ATM mobile terminal, said ATM access node 
comprising, £ setup means for setting up a wireless 

50 ATM radio communication connection to said ATM 
mobile terminal without performing an authentication 
information checking procedure therebefore, a secret 
communication key storage means for storing a secret 
communication key used by said ATM mobile terminal 

55 and said ATM access node for performing wireless ATM 
communications. 

[0026] Furthermore, the object is solved by an ATM 
mobile terminal for setting up a secured communication 
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to an ATM acxess node of a wireless ATM communica- 
tion network, comprising, a setup means for setting up a 
wireless ATM radio communication connection to said 
ATM access node without performing an authentication 
information checking procedure therebefore, a secret 5 
communication key storage means for storing a secret 
communication key used by said ATM mobile terminal 
and said ATM access node for performing wireless ATM 
communications. 

[0027] Finally, the object is also solved by an ATM 10 
wireless communication network according to claim 32. 
[0028] The basic idea of the invention is to provide 
user chosen confidentiality level on the radio link by 
means of setting up a secure association between the 
WATM access node and the wireless ATM mobile termi- is 
nal without using an authentication as a first step. That 
is, according to the invention, a wireless ATM radio com- 
munication connection is established by agreeing upon 
a secret communication key CK between the ATM 
access node and the ATM mobile terminal, wherein no 20 
authentication information checking procedure is per- 
formed therebefore. 

[0029] Another aspect of the invention is that once the 
secured wireless ATM radio communication connection 
has been established between the mobile terminal and 25 
the access node, the mobile terminal tries to get the 
secret shared authentication information by use of 
higher level protocols communication from an authenti- 
cation device provided in the wireless ATM communica- 
tion ne^^. ork or provided in a network which is 30 
connected to the access node (with which the mobile 
terminal has setup the secure ciphered communication 
link) through a signalling path. This authentication 
device comprises an authentication information search 
means for storing a plurality of authentication informa- 35 
tions each corresponding to a respective ATM mobile 
terminal served by said wireless ATM radio communica- 
tion network. When the ATM communication connection 
has been set up, the mobile terminal requests an 
authentication infonmation from this authentication 
device and only then an authentication procedure is 
performed at the access node with the authentication 
information being provided by the authentication device. 
[0030] Another aspect of the invention is that the 
mobile terminal must receive the secret shared authen- 45 
tication information from the authentication device 
within a predefined period or within a period which has 
been negotiated between the mobile termir>al and the 
access node. If the mobile terminal receives the secret 
shared authentication infornnation within this period, 
then it either authenticates itself at the access node or 
this task is being taken care of by the authentication 
device which initially provided the authentication infor- 
mation. 

[0031] If the time runs out. i.e. if the mobile terminal ss 
cannot authenticate itself at the access node within the 
predefined time period, then the already setup wireless 
ATM radio communication connection is interrupted 



(closed) and information regarding the mobile terminal 
(which has unsuccessfully attempted an authentication) 
is stored in the access node. Preferably, if the same 
mobile terminal has already failed an authentication a 
predetermined number of times, then further access 
requests from this mobile terminal are immediately 
rejected by the access node. 

[0032] Preferably, before the authentication procedure 
is performed at the access node, the mobile terminal 
(the user) can choose a predetermined communication 
key (confidentiality level) to be used on the wireless 
ATM communication connection. Thus, the user or the 
user application itself can choose the degree of confi- 
dentiality which it desires on the wireless communica- 
tion connection. 

[0033] If the authentication device is located or part of 
the WATM system a signalling path is established 
through the access node to the authentication device in 
order to request the authentication information. This 
information is then preferably transferred back to the 
mobile terminal through the already setup ciphered 
communication link. 

[0034] If the authentication device is located or part of 
another network connected to the access node via a 
communication link, depending on the type of WATM 
network and the type of the connected network, a sig- 
nalling path is setup to the authentication device 
through the access node to request the authentication 
information. Preferably, this authentication information 
is again transfenred back to the mobile terminal along 
the already setup communication (ciphered) channel. 
[0035] Further advantageous embodiments and 
improvements of the invention may be taken from the 
dependent claims. Hereinafter, the invention will be 
described with reference to its advantageous embodi- 
ments and the attached drawings. 

Brief Description of the Drawings 



40 [0036] In the drawings: 



Fig. 1a shows a principle overview of possible net- 
work configurations including a wireless 
ATM network; 

Fig. lb shows an example where a wireless ATM 
system WATM is connected to a fixed net- 
work FN through access nodes AN; 



50 Fig, 2 



shows a conventional method to setup a 
secured communication between ATM 
mobile terminal and an ATM access node; 



Fig. 3 shows an authentication device SSD. an 
access node AN and a mobile terminal MT 
according to the invention; 

Fig. 4 shows a principle flowchart of the method 
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according to the invention; 

Fig. 5 shows a more detailed flowchart of setting 
up a secured communication according to 
the invention. 

Principle of the Invention 

[0037] As explained before, one of the big disadvan- 
tages of the existing secret-based AKA protocols is that 
the shared authentication information has to be estab- 
lished between the mobile terminal MT and the access 
node AN prior to completing the protocol. However, 
when different signaling protocols are used on the wire- 
less link between the mobile terminal MT and the 
access node AN (WATM signaling) and between the 
access node AN and other fixed network nodes, (e.g. 
internet signaling) then the setup of shared secret 
knowledge prior to secure association might be 
extremely difficult. This happens also when the access 
node AN is not connected to a fixed ATN network. In 
such case, some protocols might be used (e.g. Diffie- 
Hellman) to build out a temporary security association 
between AN and NT, i.e. to setup shared secret keys for 
radio link encryption. After setting a secure channel a 
regular end-to-end authentication might be done. 
[0038] According to the invention a method is estab- 
lished that provides a user chosen confidentiality level 
on the radio link by means of setting up a secure asso- 
ciation between the WATM access point and the wire- 
less ATM terminal without any authentication in the first 
run. After the secure association has been established, 
for example using an unauthenticated variant of the 
conventional protocol, the mobile terminal MT tries to 
get the secret shared authentication information by 
communicating with an authentication device (also 
called a security server) in the WATM network (or in fact 
in an interconnected fixed network) through a communi- 
cation (signalling) channel setup means of a higher level 
protocol. The transfer of the authentication information 
then takes place along the already setup ciphered com- 
munication channel. 

[0039] If the mobile terminal gets to secret shared 
authentication information within a predefined or negoti- 
ated period, it performs an authentication itself at the 
access node AN. This authentication procedure can be 
accomplished using either an authenticated variant of 
the flexible AKA protocol or other mechanisms. -Other- 
wise, the respective timer in the access node AN runs 
out arxj the access AN doses to wireless connected to 
thie mobile terminal MT Attacks of fraudulent or acci- 
dental misuse can be prevented to some extent by stor- 
ing the MAC address or other suitable information about 
the mobile terminal MT within the access point AN. After 
N unsuccessful connection setups further access 
requests from this mobile terminal MT are immediately 
rejected by the access node AN. 

[0040] Therefore, whilst all AKA protocols in the prior 



art use an authentication procedure before setting up 
the actual wireless ATM communication connection, 
one of the basic principles of the invention is based on 
the idea to first setup the wireless ATM communication 
5 between the mobile terminal MT and the access node 
AN by selecting and agreeing upon a common encryp- 
tion communication key and only thereafter possibly an 
authentication is performed. 

[0041] Embodiments of the mobile terminal MT, 
70 access node AN and the authentication device of the 
WATM system performing such a function are described 
below with reference to Fig. 3. It should be understood 
that Fig. 3 in principle corresponds to Fig. lb, i.e. a plu- 
rality of mobile terminals MT are connected to a wire- 
15 less ATM system and a wireless secured ATM 
communication connection WCC is to be set up 
between the mobile terminals MT and the access node 
AN. 

20 Embodiment of the mobile terminal MT/Access 
node AN 

[0042] Hereinafter, the functions performed by the 
mobile terminal MT and the access node AN according 
25 to the invention as shown in Fig. 3 will be illustrated with 
reference to the communication connection setup 
method as shown in Fig. 4. 

[0043] In Fig. 3 the ATM mobile terminal MT com- 
prises a setup means MT-SET for setting up a wireless 
30 ATM radio communication connection WCC to said ATM 
access node AN. Likewise, the access AN comprises a 
setup means AN-SET for setting up the wireless ATM 
radio communication connection WCC to said ATM 
mobile terminal fvlT. In the mobile terminal MT and the 
35 access node AN a respective secret communication key 
KC storage means CK-MEM stores a secret communi- 
cation key CK used by said ATM mobile terminal MT 
and said ATM access node AL for performing wireless 
ATM communications. After starting the setup prece- 
de dure in step Si in Fig. 4, the setup means MT-SET of 
the mobile terminal MT sends a setup request to the 
access node AN by means of a protocol, to setup a 
secure association, i.e. a secured wireless ATM radio 
communication connection WCC to said setup means 
45 AN-SET of the access node AN. As is seen in Fig. 4, 
there is no authentication procedure before or after the 
setting up procedure in 82. That is, in step S2 a fully 
operable (i.e. usable for data transfer) and ciphered 
wireless ATM radio communication link is setup which 
50 uses a secret communication key CK, (i.e. a confidenti- 
ality level or encryption key) which has been agreed 
upon by said ATM mobile terminal MT and said ATM 
access node AN for performing wireless ATM communi- 
cations. 

55 [0044] In step S2, a secrete key selection means MT- 
SEL of said mobile terminal MT can preferably prede- 
fine or select one of a plurality of secret communication 
keys CK stored in the secret communication key storage 
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means CK-MEM within the mobile terminal MT. That is. 
in step 82. the user or the user application can prede- 
fine a desired confidentiality level on the wireless ATM 
radio communication connection WCC. 

[0045] First, in step S2 a user chosen confidentiality 
level can preferably be provided on the radio link by 
means of setting up a secure association between the 
WATM access node AN and the wireless ATM mobile 
terminal without an authentication in the first run. Thus, 
by contrast to the category 1 AKA protocols, the proto- 
col illustrated in fig. 4 does not require the setup of 
shared authentication information between the mobile 
terminal MT and the access node AN prior to comple- 
tion of the protocol. The procedure is also applicable to 
category 2 protocols, because there is yet again no 
necessity to setup the secret shared authentication 
information before setting up the security association 
(i.e. the encryption key). Thus, the procedure in Fig. 4 is 
intrinsically different to what was described above for 
the category 1, category 2 setup protocols, since an 
authentication information agreement is not necessary 
before setting up of the operable wireless ATM radio 
communication connection WCC. 
[0046] After step S2 immediately the real communica- 
tion protocol for information transfer between MT/AN 
can be set up in step S6 whereafter the setup procedure 
comes to an end in step S7. 

Inclusion of the Authentication Information 

[0047] Whilst there is no necessity to perform an 
authentication before the setup of the communication 
channel WCC in Rg. 3. 4. preferably such an authenti- 
cation procedure may be carried out after step S2, as is 
shown in more detail in the flow chart in Rg. 5. 
[0048] To realize this authentication procedure, the 
wireless ATM network WATM (or any interconnected 
non-ATM or ATM fixed network) preferably comprises 
an authentication device SSD comprising an authenti- 
cation information storage AI-MEM for storing a plurality 
of authentication informations Al each corresponding to 
a respective ATM mobile terminal MT served by said 
wireless ATM radio communication network WATM. Fur- 
thermore, the device SSD comprises an authentication 
information transmission means TR for issuing an 
authentication information Al in response to receiving 
an authentication information recpjest AI-RQST from an 
ATM mobile terminal MT after said ATM wireless radio 
communication connection WCC has been setup 
between the ATM mobile terminal MT and said ATM 
access node AN. 

[0049] Instead of just exchanging autherrtication infor- 
mation between MT and AN. an autherrtication means 
MT-AN of the mobile terminal MT requests an authenti- 
cation information from the authentication device SSD 
(hereinafter also called a security server) of the WATM 
network (or the interconnected fixed network FN) 
through higher layer protocols in step S3. This request 



message is denoted AI-RQST in Fig. 3. In response to 
said request message AI-RQST. the security server 
SSD reads out from the memory AI-MEM an authenti- 
cation information corresponding to the mobile terminal 
5 MT requesting such information. It the requesting 
mobile terminal MT is an admitted (subscribed) mobile 
terminal MT, then tiie security server SSD should have 
an entry for this mobile terminal MT in the memory AI- 
MEM. 

10 [0050] In response to such a request AI-RQST the 
mobile terminal MT is authenticated at the access node 
AN. This can take place either by the security server 
SSD transferring the requested authentication informa- 
tion Al directly to the access node AN or alternatively 

75 tine security server SSD retums the authentication infor- 
mation Al to the mobile terminal MT via the already 
established secured (ciphered) communication channel 
WCC. At the mobile terminal the authentication informa- 
tion Al is received in an authentication information 

20 reception means MT-RM. 

[0051] Having established the secured communica- 
tion connection WCC between the mobile terminal MT 
and the access node AN authentication infornnation Al 
provided by an authentication device SSD located 

25 within the WATM system or even an interconnected net- 
work can now be transferred back to tiie mobile terminal 
MT in a secured or ciphered manner through the com- 
munication connection WCC. 

[0052] Then the mobile terminal MT itself performs the 
30 authentication procedure with the access node AN by 
transfen-ing the received authentication information Al 
to the access node AN. In both scenarios, the ATM 
mobile terminal MT is authenticated at the ATM access 
node by means of the transfer of the authentication 
35 information Al which iderrtifies the ATM mobile terminal 
MT at the ATM access node AN. Therefore, if an 
authentication information reception means AI-RM in 
tiie access node AN receives an authentication informa- 
tion Al, an authentication means AN-RN in said ATM 
40 access node AN performs the authentication of the ATM 
mobile terminal MT when the received authentication 
information Al is one that identifies the requesting ATM 
mobile terminal MT as an admitted ATM mobile terminal 
MT 

45 [0053] Therefore, no matter where to the authentica- 
tion information transmission means AI-TR of the secu- 
rity server SSD transmits the authentication information 
Al. an authentication procedure can always be per- 
formed successfully in st^ S5 if the authentication 

50 information Al is one that is recognized by said access 
node AN. That te. an authentication means MT-AN of 
said ATM mobile terminal can send an authentication 
information request message AI-RQST in step S3 in 
Rg. 5 to the network authentication device SSD and an 

55 authentication information reception means MT-RM 
receives that authentication information Al from said 
network authentication device SSD in response to the 
request message. Alternatively, the access node 
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authentication means AN-AM performs the authentica- 
tion on the basis of authentication information received 
from the security server directly. 

[0054] Preferably, after the access node AN has final- 
ized the setup of the wireless communication connec- 5 
tion WCC to said mobile terminal MT, a timer TMR in 
said access node AN can be set In step S2 in Fig. 5. 
Preferably, the timer TMR in AN sets a predetermined 
time period in which an authentication information 
reception by AI-RM in AN is expected. Therefore, inde- io 
pendently as to whether the authentication information 
Al is transmitted by the security server SSD or the 
mobile terminal MT itself, in step S4 a determination Is 
made by the timer TMR in AN as to whether or not the 
authentic information Al has been received in a prede- is 
termined time period. If It has been received, "Y" in step 
S4 in Fig. 5, then the normal authentication procedure 
can be performed in step S5. If "N" in step S4. then the 
timer TMR in AN waiting for the input of the authentica- 
tion information from MT (directly or through SSD) runs 20 
out. In this case, the previously setup wireless ATM 
communication connection WCC is closed in step S8 by 
an interrupt means INT in AN . 

[0055] Preferably an identity memory ID-MEM stores 
an identity information II. MAC of the ATM mobile termi- 25 
nal MT whose communication connection WCC has 
been released (closed). The identity information can for 
example be the MAC address of the requesting mobile 
terminal MT (MAC: Mobile Access Code). 
[0056] F; rthermore, if the access node AN recognizes 30 
that the mobile terminal MT presently requesting an 
authentication has already previously been trying to 
setup a communication to the access node AN, also the 
number of retries MTr can be compared with a maxi- 
mum number of retries N in step S10. If the same 35 
mobile terminal MT has requested an authentication 
more than N times, then an access node inhibition 
means AN-INBT will completely inhibit or reject any fur- 
ther setup requests from this mobile terminal MT in step 
31 1 . whereafter the procedure comes to an end in step 
312. 

[0057] The interrupt means INT in the ATM access 
node AN is responsible for closing an already set up 
secure wireless radio communication WCC, if said 
authentication iriformation reception means AI-RM does 
nor receive the authentication information from MT 
within the predetermined time period as is determined 
by the timer TRM in AN. If "N" in step S10. the proce- 
dure goes back to step S2 tocallow the setup of a com- 
munication connection WCC again in step S2. 
[0058] Preferably, also the ATM mobile terminal MT 
comprises a timer TMR and if after said sending of said 
authentication information request message AI-RQST 
an authentication information Al is not received from 
said network authentication device or security server 
SSD within a predetermined period, an interrupt means 
MT-IM of said ATM mobile terminal MT will close the 
setup wireless ATM radio communication networks 



WCC itself. The reason is, that at this point it can hardly 
be expected that the security service SSD of the WATM 
system will return an authentication information Al, i.e. 
that it is hardly likely that the mobile terminal MT has 
really a valid subscription for setting up communication 
connections in the WATM communication system. 

[0059] Preferably the ATM mobile terminal MT also 
comprises an automatic repetition means MT AUTO for 
automatically repeating a setup attempt after a prede- 
termined time interval. That is, even before the security 
server SSD returns a negative response, i.e. that no 
authentication information can be found in the memory 
AI-MEM for the presently calling mobile calling MT, the 
mobile terminal MT can automatically again request the 
setup of a communication connection WCC to said 
access node AN. 

[0060] If the mobile terminal MT has performed a pre- 
determined nurrtoer of repetitive setup requests, as 
counted by a counter MT-CNT. then an inhibition means 
MT-INHB of the mobile terminal MT inhibits any further 
setup requests after a predetermined number N of 
attempts. 

[0061] Therefore, not only the access node AN can 
reject further setup requests by the same mobile termi- 
nal MT but also the mobile terminal MT itself may 
decide and recognize that in fact the security server 
SSD has no information stored whatsoever that would 
Indicate that the presentiy calling mobile terminal MT is 
one that has been registered for wireless ATM connec- 
tions to said access node AN. 

[0062] Therefore, the above novel protocol can be 
summarized as follows (see also Fig, 5): 

S2: Setup a secure association (a secured com- 
munication connection WCC) between the 
mobile terminal MT and the access node AN 
without any authentication procedure; start a 
timer TMR in the access node; 



40 S3/S4: If the mobile terminal MT gets secret shared 

autiientication within the predetermined time 
period through the ciphered communication 
channel WCC then the authentication takes 
place. If not, the access node interrupt 
45 means INT Interrupts or closes the already 

setup communication connection WCC in 
step S8. 

S5: Either the mobile terminal MT authenticates 

so itself at the access node AN or the security 

server authentication device SSD authenti- 
cates the mobile terminal at the access node 
AN. If there is no time out by the timer TMR 
in the access node AN or the timer TMR in 
55 the mobile terminal f^. the general commu- 

nication protocol for information transfer is 
set up between MT and AN in step SB. 
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Industrial Applicabilitv 

[0063] As explained above a secure setup of a com- 
munication connection between MT and AN is estab- 
lished even if no authentication can be performed in the 5 
first run as explained with reference to Rg. 4. Authenti- 
cation is performed afterwards either between MT and 
AN or between the authentication device SSD and AN. 
This is useful tor example in a wireless ATM mobile ter- 
minal without hardware support for storing authentica- io 
tion information (e.g. a SIM card). 
[0(^4] By the provision of the communication key 
memory CK-MEM. the operator of the mobile terminal 
MT or in fact the user application itself can establish a 
user-chosen confidentiality level without following is 
authentication, e.g. to allow access of mobile terminals 
MT to networks in semi-public areas (e.g, airports). 
Rrst, for example a user-application like a program run- 
ning on a LAPTOP can - without a hardware support for 
storing authentication information like a SIM card - 20 
request an authentication information from a security 
server SSD and if a registration of such an authentica- 
tion information has been previously performed in the 
memory Al-MEM of the security server SSD, than an 
access of the mobile terminal MT to the network is 25 
granted. 

[0065] Furthermore, it should be noted that the 
authentication device SSD does not necessarily have to 
be a part of the WATM system. It can also be a part oif 
the interconnected ATM fixed network which is shown in 30 
Fig. 2. However, confidentiality of user data on the ATM 
wireless radio connection WCC can be guaranteed, 
even if the fixed network is only involved after the setup 
of the security association, for example if the authenti- 
cation information is requested from a security server 35 
SSD of the fixed network and is tiien - in a secure 
ciphered manner - transferred back to the mobile termi- 
nal through the secured communication channel. 
[0066] Thus, a security service SSD for WATM sys- 
tems can be implemented, that can be used in a non- 40 
ATM fixed network environment, i.e. if ATM calls are 
only used on the wireless radio link in the WATM sys- 
tem, whilst an ordinary digital transmission is used in 
the fixed network. Again, since the confidentiality is 
ensured on the wireless communication connection 45 
WCC, the authentication information can be requested 
and supplied by any security server SSD which is 
located even in the fixed network environment. This 
means that the transfer of the authentication information 
takes place along a wireless ATM communication con- so 
- - nection which is already secured by the agreed selected 
secret ciphering key CR. 

[0067] However, the inventive method, authentication 
device, mobile terminal and the access node can also 
be used in cases, where an ATM leased fixed network ss 
implements security services on top of the ATM layer. 
This means, if the fixed network system is also an ATM- 
based fixed network, first the communication channel 



WCC with its confidentiatity level is setup between the 
mobile terminal MT and the access node AN of the wire- 
less ATM system (or in fact to an access node AN of the 
ATM-based fixed network) and thereafter the (secured) 
authentication information exchange is performed. For 
requesting and receiving the authentication information 
from a security server SSD of the ATM-based fixed net- 
work, a separate signaling channel from the access 
node AN of the WATM system to the access node AN of 
the ATM-based fixed network is preferably used. 

[0068] The present invention provides confidentiality 
in different wireless ATM systems whidi are adapted for 
private and/or business and/or public environments or 
even mixed environments. Since the communication 
channel WCC is setup before a possible authentication 
procedure, there is provided the major advantage that 
security mechanisms within the WATM system or even 
security mechanisms from possibly interconnected 
fixed networks (non-ATM or ATM) can be accessed 
through the secured link WCC or can even be com- 
bined, in order to build a security architecture that offers 
much higher security level. Since the mobile terminal 
MT has access to tine security functions located else- 
where in an interconnected networK a security architec- 
ture can be built which is more flexible and which can 
offer a much higher security level. 
[0069] Whilst the invention has been described with 
reference to its embodiments and the drawings to illus- 
trate what is currently considered as the best mode of 
the invention, it is dear, that various modifications and 
variations will be possible for those skilled in the art in 
view of the above technical teachings. Therefore, the 
invention is not restricted to the present description and 
the scope of the invention is defined by the attached . 
claims. In these claims, reference numerals only serve 
darrfication purposes and to not limit the scope of the 
invention. In the drawings the same or similar reference 
numerals designate the same or similar parts or steps. 

Claims 

1 . A method for setting up a secured communication 
between an ATM mobile terminal (MT) and an ATM 
access node (AN) of a wireless ATM radio commu- 
nication network (WATM). comprising the step of 
setting up (S2) a wireless ATM radio communica- 
tion connedion (WCC) between said ATM mobile 
terminal (MT) and said ATM access node (AN) with- 
out performing (ST2, ST3) an authentication infor- 
mation checking procedure therebefore. wherein an 
information exchange on said wireless ATM radio 
communication connnection (WCC) is performed 
by using a secret communication key (CK) agreed 
upon by said ATM access node (AN) and said ATM 
mobile terminal (MT). 

2. A method according to claim 1 , 
characterized in that 
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after said setting up of said wireless ATM radio 
communication connection (WCC) between said 
ATM mobile terminal (MT) and said ATM access 
node (AN) is completed (S2). said ATM mobile ter- 
minal (MT) is autfienticated (S3. S5; S4, S8) at said 5 
ATM access node (AN) by transferring authentica- 
ton information (A!) identifying said ATM mobile ter- 
minal (MT) to said ATM access node (AN). 

3. A method according to daim 2, 10 
characterized m that 

said ATM mobile terminal (MT) sends an authenti- 
cation information request message (AI-RQST, S3) 
to a network authentication device (SSD) provided 
by said wireles ATM communication network is 
(WATM) or by a further interconnected network 
(FN). 

4. A method according to claim 3, 

characterized in that 20 
said authentication information (AI) is transferred 
(S4) to said ATM mobile terminal (MT) in response 
to said request message (AI-RQST) and said ATM 
mobile terminal (MT) performs an authentication 
procedure at said ATM access node (AN) using 25 
said transferred authentication information (AI). 

5. A method according to claim 3. 
characterized in that 

in- response to said request meassage (AI-RQST), 30 
said network authentication device (SSD) of said 
wireless ATM communication network (WATM) per- 
forms (S5) an authentication procedure for said 
ATM mobile terminal (MT) at said ATM access node 
(AN) using said requested authentication irrforma- 35 
tion (AI). 

6. A method according to claim 2. 
characterized in that 

after said secure wireless ATM radio commmunica- 40 
tion connection (WCC) has been set up (S2), a 
timer (TMR) in said ATM access node (AN) is 
started and said already setup wireless ATM radio 
commmunication connection (WCC) is closed by 
sard ATM access node (AN) if said ATM access 45 
node (AN) does not receive an authentication infor- 
mation (AI) for said ATM mobile terminal (MT) 
within a predetermined time period (SB). - 

7. A method according to claim 6, so 
_ . characterized in that 

identity information (II. MAC)) of said ATM mobile 
terminal (MT) and the number of authentication 
retries (MTr) is stored (ID-MEM) in said ATM access 
node (AN) if said ATM access node (AN) does not ss 
receive said authentication information (AI) within 
said predetermined time period (S9). 



571 AI 18 

8. A method according to claim 7, 
characterized in that 

when said number of authentication retries (MTr) 
exceeds (S10) a predetermined number (N), further 
requests by said ATM mobile terminal (MT) to set 
up a wireless ATM radio communication connection 
(WCC) between said ATM mobile terminal (MT) and 
said ATM access node (AN) are rejected (S1 1) by 
said ATM access node (AN). 

9. A method according to claim 1 . 
characterized in that 

said secret communication key (CK) is selected by 
said ATM mobile terminal (MT) during the setting up 
of the wireless ATM radio communication connec- 
tion (WCC). 

1 0. A method according to claim 1 , 
characterized in that 

to said wireless ATM radio communication network 
(WATM) access node (AN) is connected a non-ATM 
fixed network (FN) providing functions and services 
to a plurality of fixed network subscribers (SS), 
wherein said ATM mobile terminal (MT) accesses 
said functions and services via said secured wire- 
less ATM radio communication connection setup 
between said ATM mobile terminal (MT) and said 
ATM access node (AN). 

11. An authentication device (SSD). in particular for a 
wireless ATM radio communication network 
(WATM), comprising: 

a) an authentication information storage means 
(AI-MEM) for storing a plurality of authentica- 
tion informations (AI) each corresponding to a 
respective ATM mobile terminal (MT) served by 
a wireless ATM radio communication network 
(WATM): and 

b) an authentication information transmisssion 
means (TR) for issuing an authentication infor- 
mation (A I) in reponse to receiving an authenti- 
cation information request (AI-RQST) from an 
ATM mobile terminal (MT) after a ATM wireless 
radio communication connection (WCC) has 
been setup between said requesting ATM 
mobile terminal (MT) and said ATM access 
node (AN) using a secret communication key 
(CK) agreed upon by said ATM access node 
(AN) and said ATM mobile terminal (MT). 

1 2. A device according to claim 1 1 . 
characterized in that 

said transmission means (AI-TR) is adapted to 
transfer said authentication information (AI) back to 
said requesting ATM mobile terminal (MT). 
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1 3. A device according to claim 1 1 . 
characterized in that 

said transmission means (AI-TR) is adapted to 
transfer said authentication information (Al) to said 
AT7\fl access node (AN) to perform an authentica- 5 
tion procedure for said ATM mobile terminal at said 
ATM access node (AN). 

1 4. A device according to claim 11. 

characterized in that 10 
to said wireless ATM radio communication network 
(WATM) access node (AN) is connected a non-ATM 
fixed network (FN) providing functions and services 
to a plurality of fixed network subscribers (SS), 
wherein said ATM mobile terminal (MT) access said is 
functions and services via said secured wireless 
ATM radio communication link setup between said 
ATM mobile terminal and said ATM access node 
(AN). 

20 

15. An ATM access node (AN) of a wireless ATM com- 
munication network (WATM) for setting up a 
secured wireless ATM communication connection 
(WCC) to an ATM mobile terminal (MT). said ATM 
access node (AN) comprising: 25 

a) a setup means (AN-SET) for setting up (S2) 
a wireless ATM radio communication connec- 
tion (WCC) to said ATM mobile terminal (MT) 
without performing (ST2. ST3) an authentica- 30 
tion information checking procedure therebe- 
fore; 

b) a secret communication key (CK) storage 
means (CK-MEM) for storing a secret commu- 35 
nication key (CK) used by said ATM mobile ter- 
minal (MT) and said ATM access node (AN) for 
performing wireless ATM communications. 

16. An ATM access node (AN) according to daim 15. 40 
characterized by 

an authentication means (AN-AM) for authenticat- 
ing said ATM mobile terminal (MT) at said access 
node (AN) when an authentication information 
reception means (AI-RM) receives authenticaton 45 
information (Al) identifying said ATM mobile termi- 
nal (MT). 

17. An ATM access node (AN) according to daim 16, 
characterized in that so 
said autherrtication information reception means 
(AI-RM) receives said authentication information 

(A I) from said ATM mobile terminal (MT). 

18. An ATM access node (AN) according to daim 16, 55 
characterized in that 

said authentication irrformation reception means 
(AI-RM) receives said authentication information 



(Al) from a network authentrfication device (SSD) 
separately provided by said wireless ATM radio 
communication network (WATM) or by a further or 
interconnected network (FN). 

19. An ATM access node (AN) according to claim 16, 
characterized in that 

said ATM access node (AN) comprises a timer 
(TMR). which is started after said wireless ATM 
communication connection (WCC) between said 
access node (AN) and said ATM mobile terminal 
(MT) has been setup by said setup means (AN- 
SET). 

20. An ATM access node (AN) according to claim 19, 
characterized in that 

said ATM access node (AN) comprises an interrupt 
means (INT) for closing an already setup secured 
wireless radio commmunication connection (WCC) 
if said authentication information reception means 
(AI-RM) does not receive an authentication infor- 
mation for said ATM mobile terminal (MT) within a 
predetermined time period (S8) as determined by 
said timer (TMR). 

21. An ATM access node (AN) according to claim 20, 
characterized in that 

identity information (II, MAC)) of said ATM mobile 
terminal (MT) and the number of authentication 
retires (MTr) is stored in an identity memory (ID- 
MEM) in said ATM access node (AN) if said authen- 
tication information reception means (AI-RM) does 
not receive said authentication information (Al) 
within said predetermined time period (S9). 

22. An ATM access node (AN) according to claim 21 , 
characterized in that 

when said number of authentication retries (MTr) 
exceeds (SiO) a predetermined number (N), an 
inhibiting means (AN-INBT) of said ATM access 
node (AN) inhibits further requests by said ATM 
mobile terminal (MT) to set up a wireless ATM radio 
communication connection (WCC) between said 
ATM mobile terminal (MT) and said ATM access 
node (AN). 

23. An ATM access node (AN) according to claim 15, 
characterized in that 

to said ATM access node (AN) is connected a non- 
ATM fixed network (FN) providing functions and 
services to a plurality of fixed network subscribers 
(SS), wherein said ATM mobile terminal (MT) 
accesses said functions and services via said wire- 
less ATM radio communication link setup between 
said ATM mobile terminal and said ATM access 
node (AN). 

24. An ATM mobile terminal (MT) for setting up a 
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secured communication (WCC) to an ATM access 
node (AN) of a wireless ATM communication net- 
work (WATM), comprising: 

a) a setup means (MT-SET) for setting up (S2) 
a wireless ATM radio communication connec- 
tion (WCC) to said ATM access node (AN) with- 
out performing (ST2, ST3) an authentication 
information checking procedure therebefore; 

b) a secret communication key storage means 
(CK-MEM) tor storing a secret communication 
key (CK) used by said ATM mobile terminal 
(MT) and said ATM access node (AN) for per- 
forming wireless ATM communications. 

25. An ATM mobile terminal (MT) according to claim 
24, 

Characterized in that 

an authentication means (MT-AM) of said ATM 
mobile terminal (MT) sends an authentication infor- 
mation request message (AI-RQST; S3) to a net- 
work authentication device (SSD) provided by said 
wireles ATM communication network (WATM) or an 
interconnected fixed network (FN). 

26. An ATM mobile terminal (MT) according to claim 
25. 

characterized in that 

an authentication information recepetion means 
(MT-RM) receives said authentication information 
(Al) from said network authentication device (SSD) 
in response to said request message (AI-RQST). 

27. An ATM mobile terminal (MT) according to claim 
26, 

characterized in that 

said authentication means (MT-AM) transfers said 
received authentication information (Al) to said 
ATM access node (AN). 

28. An ATM mobile terminal (MT) according to claim 25 
and 26. characterized in that 

said ATM mobile terminal (MT) comprises a timer 
(TMR) and if after said sending of said authentica- 
tion information request message (AI-RQST) an 
authentication information (Al) is not received from 
said network authentication device (SSD). an inter- 
rupt means (MT-IM) of said ATM mobile terminal 
(MT) closes said setup wireless ATM radio commu- 
nication connection (WCC) between said mobile 
terminal (MT) and said ATM access node (AN) 

29. An ATM mobile terminal (MT) according to claim 
25. 

characterized in that 

said ATM mobile terminal (MT) comprises an auto- 
matic repetition means (MT-AUTO) for automati- 
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cally repeating a setup attempt after a 
predetermined time intervall. 

30. An ATM mobile terminal (MT) according to claim 
5 29. 

characterized in that 

said ATM mobile terminal (MT) comprises a counter 
(MT-CNT) which counts the number of repetitive 
attempts to setup a connection by said setup 
10 means (MT-SET). wherein an inhibition means (MT- 
INHB) Inhibits further setup requests after a prede- 
termined number (N) of attempts, 

31. An ATM mobile terminal (MT) according to claim 
IS 24, 

characterized by 

a secret key selection means (MT-SEL) for select- 
ing a secret key (CK) used for the wireless ATM 
communication connection (WCC). 

20 

32. An ATM wireless communication network (WATM), 
comprising at least one ATM mobile terminal (MT) 
according to one or more of claims 24-31, at least 
one ATM access node (AN) according to one or 

25 more of claims 15-23 and an exchange means (EX) 
for setting up ATM wireless radio communcication 
connections (WCC) between said at least one 
mobile terminal (MT) and said at least one ATM 
access node (AN). 

30 

33. An ATM wireless communication network (WATM) 
according to claim 32, characterized in that 

to said wireless ATM radio communication network 
(WATM) is connected a non-ATM fixed network 

35 (FN) providing functions and services to a plurality 
of fixed network subscribers (SS), wherein said 
ATM mobile terminal (MT) accesses said functions 
and services via said wireless ATM radio communi- 
cation connection (WCC) setup between said ATM 

40 mobile terminal (MT) and said ATM access node 
(AN). 

34. A method according to claim 4, 
characterized in that said authentication informa- 

45 tion (Al) is transferred back to said mobile terminal 
(MT) through said setup secured communication 
connection (WCC). 

35. A device according to claim 12, 

so characterized in that said transmission means (TR) 
transfers back said authentication information to 
said mobile terminal (MT) through said setup 
secured communication connection (WCC). 

SS 36. An access node (AN) according to claim 16. 

• characterized in that a transmission means (TR) of 
said access node (AN) transfers back said authen- 
tication information to said mobile terminal (MT) 
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through said setup secured communication con- 
nection (WCC). 

37. An ATM mobile terminal (MT) according to claim 
26. 

characterized in that said authentication informa- 
tion reception means (MT-RM) receives said 
authentication information (A I) through said setup 
secured communication connection (WCC) setup 
between said access node (AN) and said ATM 
mobile terminal (MT). 

38. An ATM mobile terminal (MT) according to claim 27 
characterized in that said authentication means 
(MT-AM) transfers said authentication information is 
(Al) through said secured communication connec- 
tion (WCC) setup between said access node (AN) 
and said ATM mobile terminal (MT) to said access 
node (AN). 
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